{"id":20176730,"url":"https://github.com/octaspire/openbsd_config","last_synced_at":"2025-06-22T05:38:00.634Z","repository":{"id":136899338,"uuid":"140943402","full_name":"octaspire/OpenBSD_config","owner":"octaspire","description":"Octaspire's OpenBSD configuration","archived":false,"fork":false,"pushed_at":"2019-03-10T22:14:17.000Z","size":131,"stargazers_count":4,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-01-13T16:26:12.347Z","etag":null,"topics":["installation-notes","openbsd","openbsd-scripts"],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/octaspire.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-07-14T12:13:16.000Z","updated_at":"2025-01-06T18:43:56.000Z","dependencies_parsed_at":null,"dependency_job_id":"6d7639c7-0ed5-4d6b-a2c6-e7ef8318e2d1","html_url":"https://github.com/octaspire/OpenBSD_config","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/octaspire%2FOpenBSD_config","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/octaspire%2FOpenBSD_config/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/octaspire%2FOpenBSD_config/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/octaspire%2FOpenBSD_config/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/octaspire","download_url":"https://codeload.github.com/octaspire/OpenBSD_config/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241612227,"owners_count":19990754,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["installation-notes","openbsd","openbsd-scripts"],"created_at":"2024-11-14T02:11:09.718Z","updated_at":"2025-03-03T05:21:21.953Z","avatar_url":"https://github.com/octaspire.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Octaspire's OpenBSD configuration\n\nDotfiles and other configuration files to be used specifically with OpenBSD.\n\n## Usage\n\nYou *MUST* check that the `install.sh` script is OK before running it. It will OVERWRITE files\nand copy some files using *SUDO*.\n\n````sh\ncd OpenBSD_config\n./install.sh\ncd\nstartx\n# Press CapsLock + Alt + enter\n# Press CapsLock + Alt + f\ngit clone https://github.com/octaspire/dotfiles.git\ncd dotfiles\nstow tmux\nstow mg\nstow cwm\ncd\ntmux\n# Press CapsLock + b and then %.\nmg\n# That's it.\n````\n\nSome highlights of the configuration:\n\n* Installs a nice-looking TrueType font for xterm (and other xorg).\n* Uses *cwm* from the OpenBSD base as the window manager. Cwm keybindings are changed so that those would not conflict with the ones from GNU Emacs.\n* Uses *Korn shell* from the OpenBSD base as the shell.\n    * Adds custom Korn shell TAB completion for the UNIX password store (pass) command.\n* Uses *mg* from the OpenBSD base as the editor.\n* Turns CapsLock into a Ctrl (in both console and xorg).\n* Turns AltGr into an Alt/Meta (in both console and xorg).\n* Enables *apmd* (Advanced Power Management daemon).\n* Modifies terminal prompt.\n\n## License\n\nApache License 2.0. See the directory `AnonymousPro` for the license of the TTF font.\n\n## Installation and post-installation example with full disc encryption into empty Lenovo ThinkPad T470\n\n**Follow these instructions at your own risk. These instructions are not guaranteed to be correct or represent\nany best practices; they work for me. Everything on the hard drive will be erased, so make backups\nfirst and check that you can access data on those backups before starting. Also, entering a wrong device name\ncan cause wrong drive to be erased, if you have more than one, so check the device names and use different\nnames if there is a need!**\n\nRequired: an empty USB flash drive, RJ45 ethernet cable, internet connection and\nThinkpad T470 or similar computer with empty hard drive.\n\nDownload OpenBSD 6.3 or newer for amd64 architecture and write it into the flash drive.\n\n1. Connect USB stick and RJ45 cable and boot the machine.\n2. Press F12 when the Lenovo logo is shown to enter the Boot Menu.\n3. In the Boot Menu, select your USB stick with the arrow keys and press enter.\n   (It might be shown as USB HDD: something XYGB). If the machine\n   wont start from the USB, you might have to disable secure boot\n   at the BIOS configuration. You can enter the setup by rebooting\n   the machine and pressing enter during the startup. Look for\n   a secure boot setting, and if it is on, turn it off, save the\n   settings and try again.\n4. When asked wheter to (I)nstall, (U)pgrade, (A)utoinstall or (S)hell, write `s \u003center\u003e` for shell.\n5. Give command: `dd if=/dev/urandom of=/dev/rsd0c bs=1m`. Grab a coffee;\n   this will take about 24 minutes on a T470 and 49 minutes on an X1 Carbon,\n   and even longer if you have a larger hard didk.\n   **This command will overwrite everything on the disk with random data**.\n6. Use GPT for UEFI booting: `fdisk -iy -g -b 960 sd0`.\n7. Give command: `disklabel -E sd0`. Inside disklabel:\n   ```\n   \u003e a a\n   offset: [1024/whatever was suggested]\n   size: [500103386] *\n   FS type: [4.2BSD] RAID\n   \u003e w\n   \u003e q\n   ```\n8. Give command: `bioctl -c C -l sd0a softraid0`. And write a new passphrase twice:\n   ```\n   New passphrase: write_your_passphrase_here\n   Re-type passphrase: write_your_passphrase_here\n   ...\n   softraid0: CRYPTO volume attached as sd3\n   ```\n   Take a note of the volume name that is reported to be attached as a CRYPTO volume.\n   Here it is *sd3*. Also, make absolutely sure that you remember the passphrase you gave.\n   If you ever happen to forget it, you **will not be able to decrypt your data anymore**.\n9. Give command: `cd /dev`\n10. Give command: `sh MAKEDEV sd3`. Use the device name reported by the system at step 8.\n11. Give command: `dd if=zero of=rsd3c bs=1m count=1`. Use a raw device name based on the name\n    reported by the system at step 8. **Data will be overwritten**.\n12. Write `exit \u003center\u003e` to return to the installer.\n    Later select sd3 as the installation harddisk (Use the device that is reported\n    to be attached as CRYPTO volume at step 8).\n13. Write `I \u003center\u003e` to start installation.\n14. Select keyboard layout by writing `us \u003center\u003e`, `sv \u003center\u003e` or something else.\n15. Write a hostname, for example `T470 \u003center\u003e`.\n16. Write `em0 \u003center\u003e` to configure wired network.\n17. Select default of *[dhcp]*.\n18. Select default of *[none]* for IPv6.\n19. *[done]*\n20. Select default DNS domain name of *[my.domain]* or enter something else.\n21. Enter root password twice.\n22. Write `no \u003center\u003e` to disable sshd(8).\n23. Select default of *[no]* to question about starting X Window System automatically using xenodm(1).\n24. Select default *[no]* to question about changing the dafault console to com0.\n25. Setup a user, give username and password twice.\n26. Select time zone, detected one should be fine.\n27. Write `sd3 \u003center\u003e` to tell what is the root disk (use the device reported by installer as the CRYPTO volume at step 8).\n28. *w* (for whole disk).\n29. Select default *[a]* for (A)uto layout.\n30. *[done]* because we don't want to initialize more disks.\n31. Select default *[http]* as location of sets.\n32. *[none]* for no HTTP proxy.\n33. Select default HTTP server suggested by the installer, for example *[ftp.eu.openbsd.org]*.\n34. Select default Server directory *[pub/OpenBSD/6.3/amd64]*.\n35. Select default *[done]* to select all the sets. Wait few minutes for them to download.\n36. *[done]*.\n37. Write `H \u003center\u003e` for (H)alt.\n38. Remove usb stick and press a key to reboot.\n39. Give passphrase.\n40. Login as root.\n41. Optional: update system: `syspatch`.\n    If syspatch complaints about invalid URL in `/etc/installurl` run command\n    `echo \"https://ftp.eu.openbsd.org/pub/OpenBSD\" \u003e /etc/installurl`\n    (or use another mirror that is closer to you).\n42. `pkg_add sudo base64 colorls cppcheck cmake coreutils feh stow the_silver_searcher ggrep git gmake gsed gnupg-2.2.4 groff firefox zathura zathura-ps zathura-pdf-mupdf sdl2 sdl2-image sdl2-mixer sdl2-ttf mu offlineimap`\n    Install any additional packages you might need. Above is just an example, if you do not need something, don't install it.\n43. Use `visudo` command to give 'wheel' group sudo permissions,\n    by uncommenting the wheel-line from the sudoers file, as\n    instructed in the comments of the file:\n    ```\n    visudo\n    exit\n    ```\n    After logging out login as your regular user (that can now use `sudo` to run commands as root).\n44. `git clone https://github.com/octaspire/OpenBSD_config.git`\n45. `cd OpenBSD_config`\n46.  `./install.sh`\n47. Write `yes`.\n48. Give password of the regular unpriviledged user for sudo access.\n49. `cd`\n50. `git clone https://github.com/octaspire/dotfiles.git`\n51. `cd dotfiles`\n52. `stow tmux`\n53. `stow mg` and `stow cwm`\n54. To configure wlan, add file `/etc/hostname.iwm0`:\n    `sudoedit /etc/hostname.iwm0`\n55. Write into the file the following three lines:\n    ```\n    nwid your_wlan_id_here\n    wpakey your_wlan_password_here\n    dhcp\n    ```\n    Be sure to replace text *your_wlan_id_here* with the name/SSID of\n    your wireless network and the text *your_wlan_password_here* with the\n    correct WiFi password.\n56. Set correct permissions for the file to make it secure,\n    or let OpenBSD to fix the pemissions on next reboot.\n57. If you want to shorten the boot delay: `sudoedit /etc/boot.conf`\n58. Add line `set timeout 2`, save the file and exit editor. Use longer time, if you want.\n    This change is not important, it will only make the boot timeout shorter,\n    so that machine starts faster.\n59. Reboot machine by writing: `doas /sbin/reboot`\n\nAll done and the wireless connection should work also.\n\nTo build latest GNU Emacs, download `emacs-26.1.tar.gz`, `emacs-26.1.tar.gz.sig` and `gnu-keyring.gpg`.\nIssue commands:\n\n```\ngpg2 --import gnu-keyring.gpg\ngpg2 --verify emacs-26.1.tar.gz.sig emacs-26.1.tar.gz # check that the signature is good.\ntar xfz emacs-26.1.tar.gz\ncd emacs-26.1\n./configure --with-jpeg=no --with-gif=no --with-tiff=no\ngmake -j4\nsudo gmake install\n```\n\nYou can make mounting of external flash drives easier by modifying file `/etc/fstab` and\nby adding line similar to the one below (check and use the correct device name):\n\n```\n/dev/sd2i /stick msdos rw,noauto\n```\n\nTo Add a nice OpenBSD themed Desktop wallpaper, run the following commands:\n\n````\ncurl -O https://www.openbsd.org/art/puffy/ppuf1000X907.gif\nfeh --bg-scale ppuf1000X907.gif\n````\n\nThe commands above download a picture and then create a `.fehbg` file.\n`.xinitrc` checks if that file exists and if it does, runs it, so the wallpaper\nendures reboots.\n\n## System performance improvements\n\nSecurity features are more important in OpenBSD than\nthe system performance and thus some programs, for example\nweb browsers, might feel slow compared to other systems.\n\nSystem performance can be improved, for example, by using\n*soft updates* and *ramdisk on /tmp*.\n\nSoft updates can be enabled by modifying file `/etc/fstab` and using\noption `softdep`. For example:\n\n````\n... / ffs rw,softdep 1 1\n````\n\nAlthough it might be better to do this only for user partitions (?).\n\nTo use fast ramdisk for `/tmp`, the previous `/tmp` line in file\n`/etc/fstab` can be replaced with this line (or with something\nsimilar):\n\n````\nswap /tmp mfs rw,noexec,nosuid,nodev,noatime,-s=2G 0 0\n````\n\nBy using other value instead of `2G` the size of the ramdisk\ncan be changed. Depending of the available RAM, you might\nwant to use a larger or smaller value.\n\nBefore the mountpoint `/tmp` is mounted, the permissions\nshould be fixed:\n\n````sh\n# chmod 1777 /tmp\n````\n\nIf this is not done, `startx` (for example) might fail and\ncomplaint that it cannot write into `/tmp`. In this case\nfixing the permissions of `/tmp` and mounting it again\nwill fix the problem.\n\n## Updating\n\nWhen updating the system (for example to follow current, or\nto get a new release of OpenBSD), the (U)pgrade installer asks:\n\n````\nAvailable disks are: sd0 sd1.\nwhich disk is the root disk?\n````\n\nAnswer here `sd1`.\n\n## Notes\n\n`xenodm(1)` can be enabled after installation with:\n\n````\n# rcctl enable xenodm\n# rcctl start xenodm\n````\n\nIn this case, to get the same settings that with `startx(1)`\n(for example `cwm`, CapsLock modifications, etc.)\nthe file `.xsession` should contain the same\nsettings that file `.xinitrc`.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foctaspire%2Fopenbsd_config","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Foctaspire%2Fopenbsd_config","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foctaspire%2Fopenbsd_config/lists"}